package com.knife.hospital.controller;

import com.knife.hospital.entity.UserPO;
import com.knife.hospital.model.Result;
import com.knife.hospital.model.UserVO;
import com.knife.hospital.service.UserLoginService;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;

import javax.annotation.Resource;
import java.util.Objects;

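/**
 * HTTP endpoint that checks a username/password pair against
 * {@link UserLoginService}.
 *
 * <p>Every handler result is written to the response body
 * ({@code @ResponseBody} at class level).
 */
@Controller
// NOTE(review): @CrossOrigin without arguments accepts cross-origin requests from
// every origin. For a login endpoint, restrict it to the known front-end origin(s).
@CrossOrigin
@ResponseBody
public class LoginController {
    @Resource
    private UserLoginService userLoginService;

    /**
     * Validates the submitted credentials.
     *
     * <p>A missing username or password, an unknown user and a wrong password
     * all produce the same {@code Result(400)}, so the response does not reveal
     * which part of the credentials was wrong.
     *
     * @param requestUser credentials deserialized from the JSON request body
     * @return {@code Result(200)} when the service finds a matching user,
     *         {@code Result(400)} otherwise
     */
    @PostMapping(value = "api/login")
    public Result login(@RequestBody UserVO requestUser) {
        String username = requestUser.getUsername();
        String password = requestUser.getPassword();

        // Reject incomplete credentials up front: a request that omits either
        // field must never reach the lookup, and HtmlUtils.htmlEscape does not
        // accept null input on current Spring versions (it would surface as a
        // server error instead of a failed login).
        if (username == null || password == null) {
            return new Result(400);
        }

        // Escape HTML tags in the username (original intent: prevent XSS).
        // NOTE(review): escaping on input changes the lookup key, so this only
        // matches if usernames are stored in the same escaped form - confirm
        // against the registration path. XSS is normally handled by encoding at
        // output time; this call gives no protection against SQL injection,
        // which depends on how the service/mapper builds its query.
        username = HtmlUtils.htmlEscape(username);

        // NOTE(review): the raw password is handed to the lookup as-is; confirm
        // that the service compares it against a salted password hash
        // (bcrypt/scrypt/argon2) rather than a stored plaintext value.
        UserPO userPO = userLoginService.selectByNameAndPassword(username, password);
        if (Objects.nonNull(userPO)) {
            return new Result(200);
        } else {
            return new Result(400);
        }
    }
}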
